Coming Soon: Dynamic Role-Based Access Control (RBAC)
Using your own identity provider (IdP), you can enable automatic user creation and role mapping to add users to TruffleHog. This feature allows TruffleHog admins to map different fields (such as groups) found in your company's IdP to roles within TruffleHog.

TruffleHog currently supports three roles:

Admin: Full access to TruffleHog, including configurations, user maintenance, and more.
Editor: Read/write access to TruffleHog. These users can triage secrets and add integrations, but cannot add users.
Viewer: Read-only access to TruffleHog.

Configuration and Maintenance

This feature is only available to TruffleHog accounts that use SAML SSO and have SSO required for TruffleHog login. To enable SSO, go to the Organization Enforcement section on the Settings > Authentication page.

Adding Users

You can map one or more fields to a TruffleHog role. To add a new mapping:

1. Go to Settings > Authentication in the left-hand navigation.
2. Scroll down to the Automatic Role Mapping section and click Edit. The Update Automatic Role Mappings modal will appear (see image below).
3. For each mapping you want to add, click the Add Another Role Mapping button, specify the SAML assertion field name and the IdP group, and select the appropriate TruffleHog role.
4. Click Save when all desired fields have been queried and matched to a role.

Any users added through this mapping will have (Auto) appear at the beginning of their role in the user table found on Settings > Users.

Any new users added through a mapping must log in once to appear in the Users table. Until an attempted login, the user will not be listed.

Manual role assignments to a user will override any automated assignments, even if the automated assignment grants higher privilege.

If multiple roles are automatically assigned to the same user, the user will be assigned the highest privilege specified.

Removing Users

You can remove users who have been added automatically by removing the mapping:

1. Go to Settings > Authentication in the left-hand navigation.
2. Scroll down to the Automatic Role Mapping section and click Edit. The Update Automatic Role Mappings modal will appear.
3. For each mapping you want to remove, click the X button.
4. Click Save. Since you are removing users, you will be prompted to verify that you want to save and delete the corresponding users. Click Yes to apply these changes.

When you remove a role mapping, all users added to TruffleHog through that mapping will become disabled unless they were manually added. These users will appear in the Settings > Users table; upon their next attempted login, they will be visibly disabled as well and their role will list Removed.
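
The precedence rules above (manual assignment over automatic, highest privilege among several automatic matches, no role once no mapping matches) can be checked against a planned set of mappings before saving them. The following is an added example, not TruffleHog code or its API: every name in it is hypothetical, the sample users and groups are constructed, and it assumes a mapping matches when the IdP group appears as an exact value of the named SAML assertion field.

```python
# Added example: models the role-resolution rules described on this page.
# All names are hypothetical; this is not TruffleHog code or its API.
from dataclasses import dataclass

# Privilege order taken from the page: Viewer < Editor < Admin.
RANK = {"viewer": 1, "editor": 2, "admin": 3}


@dataclass(frozen=True)
class Mapping:
    field: str   # SAML assertion field name, e.g. "groups"
    group: str   # IdP group value expected in that field
    role: str    # role granted on match


def auto_roles(attributes, mappings):
    """Return every role whose mapping matches the user's SAML attributes."""
    matched = []
    for m in mappings:
        values = attributes.get(m.field, [])
        if isinstance(values, str):      # single-valued attribute
            values = [values]
        if m.group in values:            # assumption: exact string match
            matched.append(m.role)
    return matched


def effective_role(attributes, mappings, manual_role=None):
    """Apply the page's precedence rules and return (role, source)."""
    if manual_role is not None:
        # Manual assignment wins, even over a higher automatic role.
        return manual_role, "manual"
    matched = auto_roles(attributes, mappings)
    if not matched:
        # No mapping matches: nothing is granted automatically.
        return None, "none"
    # Several automatic matches: the highest privilege wins.
    return max(matched, key=RANK.__getitem__), "auto"


# Constructed sample data for illustration only.
MAPPINGS = [
    Mapping("groups", "security-team", "admin"),
    Mapping("groups", "engineering", "editor"),
    Mapping("department", "audit", "viewer"),
]
ALICE = {"groups": ["engineering", "security-team"]}
BOB = {"groups": ["engineering"], "department": "audit"}
```

Running `effective_role` over an export of IdP users shows who would receive Admin through a broad group mapping, and which users would lose access if a given mapping were removed.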